History: Nov 29, 2008 - 2:30 a.m.

CVE-2008-5279

2008-11-29 02:30:00
CWE-119
web.nvd.nist.gov
cve-2008-5279
local zim server
zcs.exe
zilab chat
instant messaging
zim server
remote code execution
buffer overflows
security vulnerability

CVSS2: 10 High

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score: 7.8 High (Confidence: Low)

EPSS: 0.034 Low (Percentile: 91.5%)

The Local ZIM Server (zcs.exe) in Zilab Chat and Instant Messaging (ZIM) Server 2.1 and earlier allows remote attackers to execute arbitrary code via (1) heap-based buffer overflows involving multiple vectors, including a long room name and a long source account, and (2) a stack-based buffer overflow with a long username in an information request. NOTE: some of these details are obtained from third-party information.

Affected configurations (NVD)

Node:
zilab zim_server, Range: 2.1
OR
zilab zim_server, Match: 2.0
